Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA CompTIA Certifications SY0-501 Questions & Answers

  • Question 771:

    A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?

    A. Monitoring large data transfer transactions in the firewall logs

    B. Developing mandatory training to educate employees about the removable media policy

    C. Implementing a group policy to block user access to system files

    D. Blocking removable-media devices and write capabilities using a host-based security tool

  • Question 772:

    A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

    A. validate the vulnerability exists in the organization's network through penetration testing.

    B. research the appropriate mitigation techniques in a vulnerability database.

    C. find the software patches that are required to mitigate a vulnerability.

    D. prioritize remediation of vulnerabilities based on the possible impact.

  • Question 773:

    A cryptographer has developed a new proprietary hash function for a company and solicited employees to test the function before recommending its implementation. An employee takes the plaintext version of a document and hashes it, then changes the original plaintext document slightly and hashes it, and continues repeating this process until two identical hash values are produced from two different documents. Which of the following BEST describes this cryptographic attack?

    A. Brute force

    B. Known plaintext

    C. Replay

    D. Collision

  • Question 774:

    During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

    A. Physically move the PC to a separate Internet point of presence.

    B. Create and apply microsegmentation rules.

    C. Emulate the malware in a heavily monitored DMZ segment.

    D. Apply network blacklisting rules for the adversary domain.

  • Question 775:

    Which of the following would MOST likely support the integrity of a voting machine?

    A. Asymmetric encryption

    B. Blockchain

    C. Transport Layer Security

    D. Perfect forward secrecy

  • Question 776:

    Which of the following is the MOST likely motivation for a script kiddie threat actor?

    A. Financial gain

    B. Notoriety

    C. Political expression

    D. Corporate espionage

  • Question 777:

    A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:

    * The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP.

    * The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.

    * All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.

    * DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

    Which of the following MOST likely occurred?

    A. A reverse proxy was used to redirect network traffic.

    B. An SSL strip MITM attack was performed.

    C. An attacker temporarily poisoned a name server.

    D. An ARP poisoning attack was successfully executed.

  • Question 778:

    Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann's computer?

    A. The hard drive is failing, and the files are being corrupted.

    B. The computer has been infected with crypto-malware.

    C. A replay attack has occurred.

    D. A keylogger has been installed.

  • Question 779:

    A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

    A. RAID 0

    B. RAID 1

    C. RAID 5

    D. RAID 10

  • Question 780:

    A network administrator was concerned during an audit that users were able to use the same passwords the day after a password change policy took effect. The following settings are in place:

    * Users must change their passwords every 30 days.

    * Users cannot reuse the last 10 passwords.

    Which of the following settings would prevent users from being able to immediately reuse the same passwords?

    A. Minimum password age of five days

    B. Password history of ten passwords

    C. Password length greater than ten characters

    D. Complex passwords must be used
